# Policies

URL: https://edu.chainguard.dev/open-source/sigstore/policy-controller/policies.md

## Pages

- [Enforce SBOM attestation with Policy Controller](https://edu.chainguard.dev/open-source/sigstore/policy-controller/policies/enforce-sbom-attestation-with-policy-controller.md): Enforce SBOM attestation with Policy Controller
- [Disallowing Non-Default Capabilities](https://edu.chainguard.dev/open-source/sigstore/policy-controller/policies/disallowing-non-default-capabilities-with-policy-controller.md): Using Policy Controller to prevent running pods with extra capabilities
- [Disallowing Privileged Pods](https://edu.chainguard.dev/open-source/sigstore/policy-controller/policies/disallowing-privileged-containers-with-policy-controller.md): Using Policy Controller to prevent running privileged pods
- [Disallowing Run as Root User](https://edu.chainguard.dev/open-source/sigstore/policy-controller/policies/disallowing-run-as-root-user-with-policy-controller.md): Using Policy Controller to prevent running pods as root
- [Maximum Container Image Age](https://edu.chainguard.dev/open-source/sigstore/policy-controller/policies/maximum-image-age-policy-controller.md): Maximum container image age with Policy Controller
- [Disallowing Unsafe sysctls](https://edu.chainguard.dev/open-source/sigstore/policy-controller/policies/disallowing-unsafe-sysctls-with-policy-controller.md): Use Policy Controller to limit pods to safe sysctls
- [Verify Signed Chainguard Containers](https://edu.chainguard.dev/open-source/sigstore/policy-controller/policies/using-policy-controller-to-verify-signed-chainguard-images.md): Using Policy Controller to Verify Signed Chainguard Containers
- [Limit High or Critical CVEs in your Images Workloads](https://edu.chainguard.dev/open-source/sigstore/policy-controller/policies/critical-cve-policy.md): How to use the vulnerability attestation with no High or Critical CVEs Policy
- [Rego Policies](https://edu.chainguard.dev/open-source/sigstore/policy-controller/policies/chainguard-enforce-rego-policies.md): Writing Rego-based policies for Sigstore Policy Controller
- [Example Policies](https://edu.chainguard.dev/open-source/sigstore/policy-controller/policies/chainguard-enforce-policy-examples.md): Policy recipes